Permission Sensitive Caching Delivery

Objective

Steps

This feature requires an additional servlet deployed to AEM: you need to write a servlet that responds to HEAD requests with the correct HTTP status code. After deployment, the check of whether a user is allowed to access a cached URI is performed by requesting /bin/permissioncheck.html?uri=<handle>.

To enable permission sensitive caching, add the following section to your farm in the dispatcher.any configuration file. The sample configuration below enables checking for HTML pages only.

# Authorization checker: before a page in the cache is delivered, a HEAD
# request is sent to the URL specified in 'url' with the query string
# '?uri=<page>'. If the response status is 200 (OK), the page is returned
# from the cache. Otherwise, the request is forwarded to the render and
# its response returned.
/auth_checker
  {
  # request is sent to this URL with '?uri=<page>' appended
  /url "/bin/permissioncheck.html"
  # only the requested pages matching the filter section below are checked,
  # all other pages get delivered unchecked
  /filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "*.html"
      /type "allow"
      }
    }
  # any header line returned from the auth_checker's HEAD request matching
  # the section below will be returned as well
  /headers
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "Set-Cookie:*"
      /type "allow"
      }
    }
  }

Next, implement and deploy a servlet like the example one below that responds to HEAD requests. Note that a 200 response means the user has access to retrieve the file directly from the dispatcher cache. Any status other than 200 means the request is not served from the cache.
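
A servlet of this kind, written here as an added example and not taken from the original page or from Adobe's code. The package and class names are hypothetical. It assumes the servlet is registered at /bin/permissioncheck so that the /url value in the configuration above resolves to it, and that the HEAD request carries the visitor's credentials so the resource resolver is bound to that user's session.

```java
package com.example.dispatcher; // hypothetical package name

import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

// Answers the auth_checker HEAD request: 200 = serve from cache, 403 = do not.
@Component(service = Servlet.class,
           property = { "sling.servlet.paths=/bin/permissioncheck" }) // assumed path
public class PermissionCheckServlet extends SlingSafeMethodsServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doHead(SlingHttpServletRequest request,
                          SlingHttpServletResponse response) {
        // The cached page being requested, e.g. /content/site/page.html
        String uri = request.getParameter("uri");

        // Fail closed: a missing or non-absolute uri never yields 200.
        if (uri == null || !uri.startsWith("/")) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Resolve with the requesting user's resolver. Sling strips the
        // extension and selectors, so the check applies to the page itself.
        // A resource the session cannot read resolves as non-existing.
        Resource target = request.getResourceResolver().resolve(uri);
        boolean readable = !ResourceUtil.isNonExistingResource(target);

        response.setStatus(readable
                ? HttpServletResponse.SC_OK
                : HttpServletResponse.SC_FORBIDDEN);
    }
}
```

Resolving the path through the user's own resource resolver means the decision follows the same access control that would apply if the render served the page, and every error path returns a status other than 200.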